Think you received a package? Think again. Cybercriminals are currently spamvertising millions of emails impersonating UPS (United Parcel Service) in an attempt to trick users into downloading the viewing the malicious .html attachment.

More details:

Subject:UPS Delivery Notification, Tracking Number CDE_RANDOM_NUMBER

Sample message:You have attached the invoice for your package delivery. Thank you, United Parcel Service. *** This is an automatically generated email, please do not reply ***

Upon successful exploitaion the campaingn drops the following MD5 on the infected hosts, MD5: 5806aba72a0725a9d65eb12586846da3, currently detected by 8 out of 41 antivirus scanners as Gen:Variant.Kazy.74635; Trojan.PWS.Panda.655.

It’s worth pointing out that the initially spamvertised .html file doesn’t contain any exploit code in an attempt to trick antivirus scanners into thinking it’s a legitimate content.